Android Question [SOLVED] Issue with Google Play App Signing

[ema01]

EDIT: Remember to update your build tools, i was signing with 27.0.1 and it wouldn't accept a key encrypted with RSA. Updated to 30.0.1 and it signed

--- OP ---

Hi, because reasons i had to enable google app signing so i am trying to follow this guide: https://www.b4x.com/android/forum/threads/google-play-app-signing.91703/
I am having problems in the last step, signing the app, which is failing with these messages

Keystore password for signer #1:
Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
        at sun.security.provider.KeyStoreDelegator.engineLoad(Unknown Source)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(Unknown Source)
        at java.security.KeyStore.load(Unknown Source)
        at com.android.apksigner.ApkSignerTool$SignerParams.loadKeyStoreFromFile(ApkSignerTool.java:829)
        at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCertsFromKeyStore(ApkSignerTool.java:719)
        at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCerts(ApkSignerTool.java:659)
        at com.android.apksigner.ApkSignerTool$SignerParams.access$500(ApkSignerTool.java:611)
        at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:266)
        at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:89)

The key was generated using keytool in OpenJDK 11.0.1. I am 100% sure i am typing the correct password.
From a brief search on the net it seems that there are two possible causes:
- Certain special Characters in password field, but there aren't any.
- Issues with zipalign but i don't see why it would matter if the target file is aligned?
What am i doing wrong ?

 

[Erel]

Is this a new app or an update to an existing app?

The key was generated using keytool in OpenJDK 11.0.1

How did you create the original key?

 

[ema01]

Hi erel,
backstory:
App was originally made by an external studio, before we started making our own apps for our products (they use xamarin). Then, a new app was devloped by me using B4A/B4i and we wanted to treat it as an update.
So, new app to update and existing app

We got the key from the studio but i couldn't use it to sign the app from B4A for some reason (i think B4A expect the alias to be "b4a", correct?)
So i tried the manual signing process, but that must have failed for some reason or i would have lived with it.

Then we upgraded to google app signing since we could give the old key and a new replacement key, and of course i provided the key i was using for development of the new app, but then i still couldn't update using the app compiled from B4A so i requested a key update.

From the email exchange with google support, it appears that their problem is that they want the key to be encoded with RSA and the certificate i provided them using the key generated by B4A didn't work for them

So i followed their instructions and generated the key/certificate as such

C:\java\jdk-11.0.1\bin\keytool.exe -genkeypair -alias alias_name -keyalg RSA -keysize 2048 -validity 9125 -keystore key_name.jks
Enter keystore password: * Entered Password *
Re-enter new password: * Entered Same Password *
What is your first and last name?
[Unknown]: * My name *
What is the name of your organizational unit?
[Unknown]: * My company *
What is the name of your organization?
[Unknown]: * My company *
What is the name of your City or Locality?
[Unknown]: * Company's Town *
What is the name of your State or Province?
[Unknown]: * Province *
What is the two-letter country code for this unit?
[Unknown]: IT
Is [..] correct?
[no]: yes

C:\java\jdk-11.0.1\bin\keytool.exe -export -rfc -alias alias_name -file app_upload_certificate.pem -keystore key_name.jks
Enter keystore password: * Entered Password *
Certificate stored in file <app_upload_certificate.pem>

and this was accepted by google

 

[Erel]

(i think B4A expect the alias to be "b4a", correct?)

It can be changed with the #SignKeyAlias attribute.

You can always compile your app without signing it and sign it yourself with keytool.
See this: https://www.b4x.com/android/forum/threads/b4x-comment-links.119897/post-752828
And: https://www.b4x.com/android/forum/t...ilder-command-line-compilation.50154/#content

 

[ema01]

It can be changed with the #SignKeyAlias attribute.

Good to know for the future.

In the meantime, i decided that the problem must have been with apksigner because i could load the key no problem.
And in fact it was.
I was using the apksigner in build tools version 27.0.1
I downloaded the build tools version 30.0.2 and it signed succesfully.

I am sure that they changed somehting in apksigner to handle RSA encryption.
maybe you could add a note in the google app signing tutorial? (or if it was there, i totally missed it)